Is the answer to records management in the cloud?

A recent MeriTalk survey revealed the problem federal agencies have managing the growing onslaught of records and recommended steps agencies could take to get on top of the situation.

More Info

How to get on top of the federal records tidal wave

Inefficient record management is hampering operations and causing agencies to exceed annual budgets by 17 percent, or $5 million, according to a new MeriTalk survey. Read more.

One thing the study does not address is whether the move to cloud computing could help agencies better manage the growth of records and promote more collaboration across agencies. The administration initially was wary of cloud as a storage option, but that appears to be changing.

The National Archives and Records Administration in 2010 released guidance to make federal records officers more aware of the implications of moving records management to cloud infrastructures. At the time, NARA officials said that cloud applications could lack the capability to maintain records in a way that maintains their functionality and integrity throughout the records’ full lifecycle.

However, in August 2012, an Office of Management and Budget directive put NARA in charge of overseeing the development of a robust records management framework based on cloud architecture, secure storage and analytical tools.

The directive outlined a number of action items that should be completed by December 2013. One in particular relates to cloud computing. The directive states that NARA, working in conjunction with OMB, would “incorporate into existing reporting requirements an annual agency update on new cloud initiatives, including a description of how each new initiative meets Federal Records Act obligations and the goals outlined in the directive. For the initial report the agency will identify any existing use of cloud services or storage and the date of implementation.”

State governments are also turning to the cloud as a way to efficiently manage records and save money.

For instance, a cloud-based records management system in the office of Oregon’s Secretary of State produced such improvements in access and processing time that officials are now expanding it statewide. The Oregon Records Management Solution will let state, city and county agencies manage and provide access to records in an efficient, uniform manner and will save money on storage, risk and litigation costs, officials said.

inside gcn

Reader Comments

Tue, Mar 26, 2013

No. I don't care what system is out there eventually the hackers beat the system. Too much risk when dealing with privacy information. This has been proven historically and the government is no exception to the threat. When reductions come around the first individuals a Commander will get rid of is the IT people who normally continually search files for threats. Since IT has been centralized individuals can lose up to a month in lost production as all files are on computers and you can't get to them because servers have been taken down. Uneducated IT individuals with not enough certificate being assigned to do extremely valuable system loads have wiped out entire programs which can take days/weeks to recover. Don't see where the government is saving money by having a bunch of high level managers who don't do the ground work to keep programs going but draw big paychecks making decisions for organizations they have no clue about operational systems. Big mistake when IT operations were taken out of individual organizations; not it's just a bunch of finger pointing between bases blaming OPSEC and vice versus.

Fri, Mar 22, 2013
Larry
CA

No, the "answer" is not. All it results in is a set of new questions that need to be answered. While Agencies use "private clouds" that are typically not accessible from outside, they still have to establish protocols for access and carefully manage them to ensure only those who REQUIRE access to content are allowed access to it. Much of the information stored is still sensitive or subject to privacy control requirements and must be properly protected from improper access. As people move from job to job within Agencies or between Agencies, they no longer have a "need to know" or "roight to access" certain information, so access controls must be turned on and off accordingly.
Also, depending on who manages the cloud and how it is backed up, challenges will exist for isolating content in those backups from improper access while the data is "at rest".
Federal Agencies should take a hard look at lessons learned by others who have failed to improperly secure and protect data placed in "cloud repositories" in the private sector- the medical, financial and education sectors have had problems with exposure... and certain public agencies at State and Local levels who have entrusted their email and document storage to the ubiquitous cloud have also experienced problems, mainly form failing to limit access and establish proper controls.
Don't open Pandora's Box until you have set the limits for controlling what is in there!

Please post your comments here. Comments are moderated, so they may not appear immediately
after submitting. We will not post comments that we consider abusive or off-topic.